<?php

$hostname="mysql-user.cse.msu.edu"; // Host name
$username="hewittry"; // Mysql username
$password="A39777266"; // Mysql password
$database="hewittry"; // Database name

mysql_connect("$hostname", "$username", "$password")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

$userId = mysql_real_escape_string($_REQUEST['user']);
$vehicleId = mysql_real_escape_string($_REQUEST['id']);
$actionType = mysql_real_escape_string($_REQUEST['act']);

switch($actionType)
{
	case 1:
		$table = "Notification";
		$userCol = "RegisteredUser_NonAdmins_AllUsers_LogonID";
		$vehicleCol = "VehicleForSale_VehicleForSaleID";
		$error = "sent a notification";
		$success = "Notification Sent!";
		break;
	case 2:
		$table = "Bookmark";
		$userCol = "RegisteredUsers_NonAdmins_AllUsers_LogonID";
		$vehicleCol = "VehicleForSale_VehicleForSaleID";
		$error = "saved this bookmark";
		$success = "Bookmark saved!";
		break;
}
$query = "SELECT * FROM $table WHERE $userCol = '$userId' AND $vehicleCol = '$vehicleId'";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result))
{
	echo "Patience is a virtue, grasshopper :/ You've already $error!";
}
else
{
	$query = "INSERT INTO $table VALUES ('$userId', $vehicleId, " . time() . ");";
	$result = mysql_query($query);

	echo $success;
}
?>